Analysis of the Trojan, detected as Linux.BackDoor.Irc.16, reveals this may be only a proof-of-concept or a testing version in advance to a fully weaponized version.

Right now the Trojan only infects victims, gathers information about the local system and sends it to its C&C server.

The Rust-coded Trojan, also integrates the “irc” Rust library by Aaron Weiss, in order to communicate via the IRC protocol to a remote IRC public channel. Rust is a programming language sponsored by the Mozilla Foundation.

All Trojans that infect a target will automatically connect to this IRC channel and wait for commands.

The hacker in control of this IRC channel can submit a message to the channel’s public chat, and all connected bots will parse this message and execute it.

Support is currently included only for a limited set of commands, which is why Dr.Web researchers think this is malware its developers are still working on.

Researchers said the botnet’s operator can currently only query a bot for its technical specifications, retrieve a list of running processes (apps), and kill the malware, if they want to remove a bot. There’s also support for a feature that updates the Trojan’s source code, but it has not yet undergone full implementation.